OpenBSD Journal

pflkm for NetBSD-current available

Contributed by jose on from the portable-filters dept.

tom hensel writes: "The OpenBSD packet filter (or pf, for short) replaced Darren Reed's IP Filter in OpenBSD 3.0, due to problems with IP Filter's license. Since then, pf has evolved quickly, and now has several advantages over IP Filter. Here is a port of the pf code found in OpenBSD 3.3 to NetBSD 1.6.1. </snip>

...and now for NetBSD-current, see http://foo.unix.se/joelw/pflkm.html"

Again, this is pretty neat to see our packet filter getting ported around. Anyone know if they have been able to contribute back any patches, feature enhancements, or the like?



Comments
  1. By henning () henning@openbsd.org on

    There hasn't been feedback from the NetBSD guys, which I treat as a sign that they didn't find anything wrong ;-)
    Anyway, guys, feel free to contact us/me.

  2. By Anonymous Coward () on

    Given that part of the OpenBSD philosophy seems to be to keep things as simple as possible in terms of both proper coding and limiting unnecessary functionality, at what point should pf stop getting additional features? When will it be good enough (meaning have enough features to do the job) to just start working on bug fixes? And no, I don't know of any bugs, but I can't believe that there are none.

    Comments
    1. By Anonymouserest Bovinen () on

      Well... that's like saying "When does the painter's palette have too many colors?"
      The ability to make rules based on data input from features such as OS fingerprinting, etc. does not exactly make PF bloaty, and if you don't like the extra feature, you can always take it out; this is still the BSD license, right? :)

      But I kid... I can see why you might be concerned, but knowing the minimalist Theo can be at times... I don't think features in PF will ever become a dire problem for us.

      And actually, I welcome any more creative ideas that are able to uniquely target specific types of traffic, especially since, as someone else mentioned, you could use the new fingerprinting feature to block any Windows machines, and hence probably cut down on spam LOL

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]